1

I am trying to generate a 10-character random password in Solaris servers. The examples give around the web are for Linux and mostly not working in Solaris.

Gilles 'SO- stop being evil'
  • 829,060
judi
  • 71

2 Answers2

3

You can get cryptographic-quality random bytes from /dev/urandom. (This exists since Solaris 9. It also exists on Linux.) This includes unprintable characters, so you need to remove those. The following command extracts 10 random printable, non-space ASCII characters.

</dev/urandom tr -dc '!-~' | dd ibs=1 obs=1 count=10

I don't recommend using special characters in passwords. They don't make passwords more secure. What makes the security of a password is its entropy. A 10-character password has 10×log2(94) ≈ 65.5 bits of entropy. You can get the same amount of entropy from 9 arbitrary bytes and encode them as you wish, for example as hexadecimal.

</dev/urandom dd ibs=1 obs=1 count=9 | od -tx1 -An | tr -d ' '

Or as Base64, which is shorter.

</dev/urandom dd ibs=1 obs=1 count=9 | uuencode -m - | sed -n 2p

If there's some hard constraint that “passwords must contain at least one special character” (which is a questionable way to make passwords selected by average humans more secure, and it completely wrong for randomly generated passwords), then you can't simply use a random password, because there's a chance that it'll happen not to contain any character in a required class. If you reject passwords that don't meet the constraint, you're reducing the security of the password. Instead, make the password longer, e.g.

</dev/urandom dd ibs=1 obs=1 count=9 | uuencode -m - | sed '2!d; s/$/-Aa1/'

If you need the password to be memorable, that's a different problem. The best memorable passwords are passphrases.

Gilles 'SO- stop being evil'
  • 829,060
  • can this stdd in and out be removed please sol10 # dd if=/dev/urandom ibs=1 obs=1 count=9 | uuencode -m - | sed '2!d; s/$/-Aa1/' 9+0 records in 9+0 records out A9xk0r4MvMCY-Aa1 sol10 # – judi May 08 '18 at 14:06
  • Thanks Much , this will eliminate the dd command output. dd if=/dev/urandom ibs=1 obs=1 count=9 2>/dev/null | uuencode -m - | sed '2!d; s/$/-Aa1/' – judi May 08 '18 at 14:20
  • I know this is old, but can you explain the !-~ part passed to tr? From the man page it seems like it's all characters except the value of ! to ~? From my testing seems like I can definitely get random sequences with ! - and ~ in them. So not sure what that is excluding. Thank you! – xbakesx Aug 26 '22 at 20:22
  • 1
    @xbakesx I think you missed -c. tr -dc CHARS deletes (-d) the characters in the complement (-c) of the set CHARS, i.e. it keeps the characters in CHARS. tr -dc '!-~' excludes control characters, non-ASCII characters and spaces. – Gilles 'SO- stop being evil' Aug 26 '22 at 20:42
  • That is definitely what I did. So it keeps any characters between code points 33 ! and 126 ~. Clever girl. – xbakesx Aug 26 '22 at 21:01
-1

You have perl in Solaris, it helps:

perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'

With special characters it will be:

perl -e 'print [0..9,a..z,A..Z,qw{- _ / & ?}]->[rand 67]for 0..10'
Sasha Golikov
  • 251
  • Thanks - but there is no special characters. 
       sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'
    e9RKUJiss3
    sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'
    zLdxvTqlJT
    sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'
    AiaiDubgye
    sol10 # perl -e 'print[0..9,a..z,A..Z]->[rand 62]for 1..10'
    lJxiV2iDwY
    sol10 #
    – judi May 08 '18 at 12:01
  • You may add special characters in such way: perl -e 'print [a..z,A..Z,0..9,qw{- _ / & ?}]->[rand 67]for 0..10' – Sasha Golikov May 08 '18 at 12:24
  • 1
    No, Perl's rand is not suitable to generate a password. This answer is insecure. – Gilles 'SO- stop being evil' May 08 '18 at 12:31